Ukraine hactivists allegedly leaked 7m credit card details

A mass dump of credit and debit card information online by a
group that claims to be Anonymous Ukraine could potentially be a
smear campaign carried out by Russian opponents or their
supporters.

On 24 March the group posted four links -- one each for Visa,
MasterCard, Discover and American Express information -- to
Pastebin and later tweeted about yet more drops, claiming the seven
million details would be the first of many shares from its total
repository of 800 million.

"After the USA showed its true face when she unilaterally
decides which of the peoples to live independently and who under
the yoke of the Federal Reserve, we decided to show the world who
is behind the future collapse of the American banking system,"
wrote the group.

Many of these numbers, however, are not linked with the three
numbers on the back of the card, the CCV code, essentially
rendering them useless.

"It's really too early to tell for sure until someone has waded
through all the data, but some of what I have seen shared on social
media looks quite old," Chris Boyd, malware intelligence analyst at
Malwarebytes, told Wired.co.uk. "A lot of the data I've looked at
so far lacks personal information or is invalid, and isn't in any
sort of format a random passer-by could make use of. There is
seemingly no malware in the files in question."

A representative from Risk Based Security has told the Information Security Media Group that it has identified around
4,000 pieces of information that do in fact come with full user
data such as a social security number (most of the details appear
to come from US banks), birth date and even postcode.

The tweets making the claims came from @Op_Ukraine, not
@UkrAnonymous, which has far more followers; or @UkraineAnon, which
has tweeted much more. This, combined with the aforementioned
details, has led some to suggest the boast might be nothing more
than a smear campaign making use of old or even false data.

The Ukraine has in recent years repeatedly been referred to as a
"cybercrime haven", so if it's a smear it's a well-placed one.
However, Russia has its own escalating problems with this type of
criminal activity. Just last year US authorities uncovered a seven-year-long fraud
ring responsible for $300 million (£180 million) of costs to
companies. The perpetrators -- who disabled anti-virus software on
a victim's computer -- were mainly based in Russia, with a
Ukraine-based hacker helping hide their activities.

In January of this year, a report from Russia's Interior
Ministry noted that telecommunications and computer technology
crimes had risen in the country by 8.6 percent in 2013, during
which time attacks that would have cost the public $28 million
(nearly £17 million) were scuppered.

The fact is, anyone could be responsible for the PasteBin dump.
But if you'e going to run a smear campaign, posturing as a group
that calls itself anonymous is probably the right way to go. The
genuine Anonymous is usually quite vocal about what it is and isn't
involved in, but the Ukraine contingent does not appear to have a
huge social media presence compared to other factions, so that
might explain why no denials have surfaced yet.

"The fact that the authenticity of the details has been brought
into question highlights how common a tool hacktivism is in real
world political conflicts," Boyd tells Wired.co.uk. "What started
as a guerilla technique, employed by smaller groups of people
trying to use the internet as a force multiplier, has become
mainstream. I wouldn't be surprised if this continues to play out
online for some time as the situation in Eastern Europe develops,
as both countries have quite active online communities."